CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 18, 2026

Critical Cisco ISE Vulnerability Allows Attacker to Execute Malicious Code Remotely

Cybersecurity News Archived Jun 18, 2026 ✓ Full text saved

Cisco has disclosed critical security vulnerabilities in its Identity Services Engine (ISE) that could allow attackers to execute malicious code remotely and access sensitive data, posing a significant risk to enterprise networks. The vulnerabilities, tracked as CVE-2026-20181 and CVE-2026-20190, were published under advisory ID cisco-sa-ise-multi-G5WP8vv on June 17, 2026. With a CVSS score of 9.1, […] The post Critical Cisco ISE Vulnerability Allows Attacker to Execute Malicious Code Remotely a

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCisco Critical Cisco ISE Vulnerability Allows Attacker to Execute Malicious Code Remotely By Abinaya June 18, 2026 Cisco has disclosed critical security vulnerabilities in its Identity Services Engine (ISE) that could allow attackers to execute malicious code remotely and access sensitive data, posing a significant risk to enterprise networks. The vulnerabilities, tracked as CVE-2026-20181 and CVE-2026-20190, were published under advisory ID cisco-sa-ise-multi-G5WP8vv on June 17, 2026. With a CVSS score of 9.1, the flaws impact Cisco ISE and ISE Passive Identity Connector (ISE-PIC) deployments regardless of configuration. The most severe issue, CVE-2026-20181, is a remote code execution (RCE) vulnerability caused by improper validation of user-supplied input. An authenticated attacker with administrative privileges can exploit the flaw by sending a crafted HTTP request to the affected system. Cisco ISE RCE Vulnerability Successful exploitation allows attackers to execute arbitrary commands on the underlying operating system. Attackers may initially gain user-level access and then escalate their privileges to root, gaining full control of the device. In single-node deployments, exploitation can also lead to a denial-of-service condition, preventing new endpoints from authenticating to the network until the system is restored. This could disrupt enterprise access control systems that rely on Cisco ISE. The second flaw, CVE-2026-20190, is an information disclosure vulnerability caused by improper authorization checks. Unlike the RCE issue, this vulnerability can be exploited by an unauthenticated remote attacker. By sending crafted requests, attackers may gain access to sensitive information stored on the device, including hashed credentials. These credentials could be leveraged in further attacks, increasing the risk of lateral movement within a network. Cisco confirmed that all versions of ISE and ISE-PIC are affected, though specific vulnerabilities vary by release. Cisco has released fixes for the vulnerabilities in ISE 3.3 Patch 11 and ISE 3.4 Patch 6, with a fix for ISE 3.5 Patch 4 planned for August 2026. Earlier versions must be migrated to supported releases, and no workarounds are available, making patching the only effective mitigation. Cisco’s Product Security Incident Response Team (PSIRT) stated that there is currently no evidence of active exploitation in the wild. However, given the high severity and ease of exploitation, organizations are strongly advised to prioritize updates. The vulnerabilities were reported by security researchers from TrendAI, STAR Labs, and the Zero Day Initiative, highlighting coordinated industry efforts in responsible disclosure. Organizations using Cisco ISE should immediately assess their exposure and upgrade to fixed software versions. Additional defensive measures include: Restricting administrative access to trusted networks, Monitoring logs for suspicious HTTP requests, Reviewing authentication and privilege escalation activity. These vulnerabilities underscore the critical role of identity infrastructure in enterprise security and the potential impact when such systems are compromised. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News GitHub to Automate Disable npm Script Installs to Block Supply Chain Attacks 27-Year-Old OpenBSD Vulnerability Allows Attackers to Bypass PAP Authentication Entirely Microsoft 365 Device Code Phishing Campaign Bypasses Password Theft With Legitimate Login Flow OptinMonster Plugin Hack Exposes 1.2 Million WordPress Sites to Cyberattack PRC-Nexus Hackers Exploit REDCap Servers to Spy on US Medical Research Institutions Latest News Cyber Security News F5 Patches NGINX Vulnerability That Enables Code Execution and DoS Attacks Cyber Security News Hackers Abuse PowerShell Commands to Deliver SmartRAT Through Brazilian Bank Phishing Page Cyber Security News Evilginx AiTM Attack Captures Microsoft Credentials, MFA Tokens, and Authenticated Sessions Cyber Security PoC Exploit Released for HTTP/2 Bomb Remote DoS Vulnerability in Apache HTTP Server Cyber Security News Hackers Abuse PowerShell, VBScript, and BAT Files to Deliver Xctdoor Backdoor
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 18, 2026
    Archived
    Jun 18, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗